CyberWire Daily - Is the cyber talent ecosystem broken? [CISO Perspectives]
Episode Date: April 17, 2025Show Notes: The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams,... the Head of Cybersecurity for North America at the Bureau Veritas Group, to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect of this conversation revolved around discussing Ed's book, See Yourself in Cyber: Security Careers Beyond Hacking, and how he expands the conversation surrounding traditional roles associated with cybersecurity. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
So if I were asked to describe this podcast in one word, that word would be depth.
There are more than a handful of complex issues and challenges, technological and otherwise,
that plague the average CISO.
In many cases, we only hear about these issues during brief sessions during a conference,
or more often around the bar after the conference is over.
Speakers and podcasters try to address these problems with short sound bites and incomplete solutions that address only one facet of the issue.
At CISO Perspectives, we take a different approach.
We tackle a single complex issue over a multi-episode arc, looking at the issue from every conceivable
angle.
We bring in subject matter experts to discuss and debate the aspects of the issues on every
episode with concrete recommendations that, taken together, present a strategic approach
to solutioning the problem.
Welcome to CISO Perspectives. approach to solutioning the problem.
Welcome to CISO Perspectives.
My name is Kim Jones and I am thrilled to be your host for this season's journey.
For our inaugural season, we've chosen to address the challenges surrounding the cyber
talent ecosystem.
As a profession, we've been complaining about talent issues for the better part of a decade,
but our piecemeal, unidimensional solutions don't seem to be solving the problem.
To start the conversation, I'm going
to ask the overarching question, why does the cyber talent
ecosystem have indigestion?
Enjoy the ride. About seven years ago, I had the privilege of sitting down with a number of current and
former Fortune 500 CISOs.
We discussed how to structure a new training program for people seeking to enter the cybersecurity
field.
I was working with an organization that had funding locked in, and they were given the
freedom to structure a program any way they deemed appropriate.
Naturally, they sought the input of industry professionals.
After several hours of back and forth around content, skills to be taught, and levers
of rigor, I made the mistake of asking the obvious question.
So folks who go through this program would meet your requirements and be eligible for
entry-level positions, right?
After a long, awkward silence, the collective response was, well, no, not really.
After more gyrations around what would be needed to make these candidates eligible for
entry-level positions, one of the CISOs finally said bluntly, I'm not dodging your question,
Kim.
I'm deliberately not answering.
And the reason I'm deliberately not answering is because I honestly don't know."
The other CISOs around the table nodded in agreement.
The radical candor of the comment revealed to me more than the rest of these conversations
combined.
It was both mind-boggling and humbling to realize that we were designing a program to train people to enter the cyber security
field that would be, ultimately, ineffective.
The seasoned professionals whose needs we were attempting to meet had no idea what they
wanted in a candidate.
Us old security guys and gals, who I lovingly refer to as OSG's, we came up hard scrapped.
We were either thrust into or volunteered for
roles and positions that no one else wanted and that people barely understood. We earned our PhDs
from the school of hard knocks as we tried again, failed again, and failed better. Thank you, Samuel
Beckett. We developed the technologies, practices, and frameworks for our profession.
We learned to balance governance and assurance with innovative technologies such as wireless
and cloud.
We taught ourselves to speak the language of the business so that we could make our
concerns understood to business line leaders.
For the most part, we succeeded in building this evolutionary path.
Or did we?
While we have mostly stabilized the role of the security practitioner for the current
generation, one of the areas where we continue to fail is in charting a successful and consistent
pathway for people who wish to enter the cybersecurity profession.
Further, rather than pooling our brain trust
and rallying around collective solutions,
we continue to bounce around terms like complexity
and the need for grit,
which flop around like fish gasping for breath
as they cause indigestion within the cyber talent ecosystem.
Those words are weak excuses
for the indecision surrounding standardizing the knowledge, skills,
abilities, and experience requirements, also known as KSAEs.
KSAEs are necessary for entering and surviving the cyber arena.
Our inability to standardize job requirements represents the biggest challenge to our industry.
While we complain about this challenge almost incessantly, we don't seem motivated to
rectify the problem anytime soon.
This is a source of personal frustration for me, since a lot of what I do centers around
mentoring both young and older professionals wanting to enter the cybersecurity field.
Consider these real issues we face today. 1.
We continue to allow the posting of job descriptions that in no way reflect reality.
Positions asking, for example, for a CISSP certification from someone with only two years
of experience is more common than we would like to admit.
2.
We have complained for over a decade that university programs, even computer science
programs, weren't teaching cyber. Universities responded by adding cyber curricula to their
degree programs, and even created cybersecurity degrees. And our response was to criticize
the content as being too theoretical and not producing students with real experience, even
when programs were constructed by seasoned cybersecurity professionals and included real-world
experience as part of the requirements.
3.
We say we want real-world experience, but in fact we want targeted real-world experience.
When a candidate has specific experience in one area, like
SOC, and the job posting is for an access management role, many companies will not hire
the candidate because their real-world experience is not specific to the job.
4. We do not truly encourage internship and apprenticeship programs. We only encourage
such programs when someone else is operating them since we claim to be far too busy to take on an
intern. And even if we do take on an intern, they are often relegated to a
glorified gopher role versus real training and exposure to cybersecurity.
And five, we encourage alternative pathways for entry that focus on experience versus
a four-year degree, yet our job descriptions still require a four-year degree.
I can't tell you how many times I've talked to folks with relevant real-world experience
trying to break into the cyber arena, only to hit wall after wall and no after no. Meanwhile, cyber jobs are expected to grow by 32% by 2032, and there are estimates that
as many as 500,000 cybersecurity jobs in the U.S. remain unfilled.
So why does the cyber talent ecosystem have indigestion? In the end Walt Kelly said it best. We have met the enemy and he is us.
Here are a couple of thoughts on how we can solve the problem.
One, end the problem. 1.
End the Unicorn Hunts
I have a dear friend who runs a cyber town creation program at a university.
They told me about a situation where a CISO tapped his student pool for a new position.
After his students had been interviewed, the CISO declined to hire any of them.
Naturally, when my friend asked, is there something we should be teaching or training
in that we're not, the CISO told him that in reality he was, and I quote, looking for
purple unicorns.
Here's the reality folks.
Purple unicorns do not exist.
If you're just looking for purple unicorns, you are exacerbating the problem.
Instead, we need to work on nurturing and raising a cadre of solid thoroughbreds, and
yes, that takes effort and time.
2.
Get specific on KSAEs.
I am truly tired of listening to OSG's complain about what is lacking in candidates without
being able to specifically and concretely define what they are looking for in candidates.
Much of our job is not prescriptive and is necessarily fluid.
But there are foundational skills such as an understanding of protocols and services,
knowledge of data structures, encryption, basic coding structures, and risk management
that we should agree upon as being foundational skills.
The NICE Cybersecurity Workforce Framework and the Cybersecurity Competency Model are great starting points.
It would be incredibly useful for the profession to truly adopt these standards and mandate
that all job descriptions conform to these requirements.
If we don't believe these requirements are enough, then we need to create the standard
versus continually complaining about the existing inadequacies.
Folks, the challenges of our talent ecosystem are very real, but we cannot solve them via
unfocused commitments to random programs addressing non-specific needs.
If we are serious about solving the problem, let's start by clearly guiding organizations
and candidates on our needs and then demonstrating our commitment by collectively showing up.
My two cents.
I first met Ed Adams about five years ago. I was working passionately on talent issues for my company and looking for collaborators
who both saw the complexities of the issue and were eager to create and implement tangible
realistic solutions.
Ed and I spent many an evening discussing the pitfalls with the current cyber talent paradigm, so it's only fitting that he be my first guest of a
season devoted to this topic. So my career in cybersecurity started like
many of us, Kim, outside of cybersecurity because my career when it started
cybersecurity wasn't a thing. I came up as a software quality person working for the likes
of a rational software before it was acquired by IBM.
I was always into software and I loved software quality.
But for the longest period of time,
I bemoaned the fact that despite everyone talking
about different aspects of software quality,
like functionality and performance and reliability and scalability,
nobody was talking about security as an aspect of software quality.
So I started beating that drum.
And I got the attention of a nutty professor at Florida Tech
who had recently written a book called How to Break Software,
which I thought was great.
His name was James A. Whitaker, and he was working on a sequel called How to Break Software
Security with one of his PhD students.
And when we got together and he told me that he was thinking about starting this company
with a group of his graduate and PhD students to focus on software security, I said I'm
in.
I came through the software quality angle through a university spinoff way back in 2002
when very, very few folks were talking about cybersecurity at all and virtually nobody
was talking about software security.
So talk to me, I mean, you and I got to know one another because of your interest in talent
and not only creating new talent but uplifting talent.
So talk to me about that.
Talk to me about how you're general getting involved in cyber evolve to that, if you would.
I've always been a fan of trying to recruit folks into the technical fields in general,
whether it be volunteering for the Boston area middle school STEM projects with United Way,
science, technology, engineering, and math, or later in my career is encouraging folks to get into the IT and cybersecurity space. And I kept on hearing recurring themes over and over and over again,
from two types of people who typically sit on opposite sides of the table,
and they had a very common complaint.
Shocked I am, but keep going.
I know, I know.
So a lot of folks were trying to figure out how to get into cybersecurity and
struggling to do it
because they either couldn't get interviews or they felt like they weren't qualified for the jobs
they were seeing available. And then the other side of the table is my colleagues like yourself
who have cybersecurity teams or need to influence large technical teams and were bemoaning the fact
that they couldn't find talent, they couldnaning the fact that they couldn't find talent,
they couldn't recruit talent, they couldn't retain talent,
they couldn't develop talent.
And I thought to myself, well, these two problems
are not mutually exclusive.
Let's see if we can start to dig in and solve it directly.
Fantastic.
So you've looked at this problem from a lot of perspectives.
You and I have talked about a lot of those perspectives and during the season,
we're going to dive into many more of them.
But Ed, I asked you to be my first guest because since you have looked at this
problem more holistically, I think you're probably one of the best people I know
to speak on the problem itself.
So what do you see in order of priority, the top three problems,
I won't sugarcoat them and call them challenges, problems with the cyber talent ecosystem as
it exists today?
So there continue to be a very large discrepancy between job descriptions that hiring managers want to hire for and
the appropriate qualifications for that job.
I'd like you to deep dive in that a little bit and I'm going to tee up the follow on
to that which is, but wait a second, haven't we built knowledge, skills, abilities, and
experience, frameworks, etc.?
So why the hell do we still have this problem when we're the ones who are hiring?
So talk to me.
Absolutely.
And we have built wonderful frameworks like the Knights framework from NIST and the National
Initiative for Cybersecurity Education, which does exactly what you specified. It calls out knowledge, skills, abilities, and tasks, or I think it is now 54 different
job functions in cybersecurity.
So, yes, very well documented what those jobs should be doing.
The other side of that coin, one, very few people acknowledge, know, or even attempt to adopt the NICE framework as
part of their hiring practices.
It's a great first start.
The NICE framework is not perfect.
It generally omits one half of my cybersecurity color wheel, which I'm happy to talk about
at any point in time, and a very important half, I might add. But it's a great framework. And if you were a
hiring manager, why wouldn't you want to start there? Because it does give you a
great head start. And when I talk with folks that are looking for cloud
security architect positions, and what they see in the job descriptions are
things that are completely outside of what
Nice and the Nice Framework Bank should be a cloud security architect.
They get frustrated, they get confused, and more likely they just don't apply,
especially if they happen to be a woman or an underrepresented minority.
So that's one. What are the other two?
The other two is that we as cybersecurity professionals,
whether it's intentional or unintentional,
many of us lack the ability to effectively communicate
to the very much larger IT and development teams
that are in our organizations about what they could be doing
to up-level their cybersecurity acumen,
and as a result, the overall cybersecurity hygiene
of the organization, thus lifting all the boats
by raising the tide, as opposed to trying to go out
and hire 40 new cybersecurity folks,
which is going to be tough to find and very expensive.
We in cybersecurity understand red teaming and blue teaming very well.
One attacks, one defends.
Comes from the military.
You and I spent a lot of time doing that ourselves.
Combine the two, you get purple teaming.
Yay, everyone's happy about purple teaming.
My focus historically has been on the other half of that cybersecurity
color wheel, focusing on the yellow teams, the IT teams, the development teams, the engineering
teams that usually outnumber the cybersecurity teams by a factor of five, 50 or 100 to one.
Yep. And let's, while we're here, since we've hit four of the six colors on the cover wheel,
which I'm a huge fan of, if you know.
You want to talk about the other two, orange and green,
if I remember correctly, and let's round out that wheel?
Absolutely, absolutely.
So just like in cybersecurity, if you combine
red teaming offense with blue teaming defense,
you get purple teaming, which is essentially war gaming.
The same thing happens on the second half of that color wheel.
If you focus on the yellow teams,
which are basically the builders, they're not the breakers or the defenders, they're the builders.
You teach that yellow team a little bit of red teaming, you turn them orange. You teach them a
little bit of defensive tactics like secure coding, you turn them green. All of a sudden,
they're not just a yellow team building stuff. you turn them into a bit of a yellow jacket.
You give them a little bit of a stinger.
You give them a little bit of spice,
and that spice is cybersecurity,
but the spice is really security as an aspect
of the product quality of what they're building.
Yep.
I've taken to using the term OSG's,
old security guys and gals like myself.
So I'll put it there.
Why do we continue to suck at this?
I mean, seriously, I believe, you know,
I'm a West Point grad, I've got 10 years in the military.
I believe in force multiplication, okay?
It seems to me that if we were to do this effort,
it's going to raise all boats and make my job easier. One, because we generally don't understand the process of building IT
products as cybersecurity professionals.
We just don't get it.
We don't understand.
And I can't tell you how many cybersecurity professionals, even CSOs have come to me
to say, Ed, I need to train my developers on security and I will stop them right
there and I'll say, excuse me, Ms. Ciso,
can you please explain to me what you mean when you say developers?
That usually opens up a wonderfully productive conversation.
Just to use an analogy of building a house,
just like you're building any kind of IT system,
you have to define what you want, you have to design it, you have to build it, you have to test system, you have to define what you want,
you have to design it, you have to build it,
you have to test it, you have to make sure that it's functional.
Then once you produce it, you have to maintain it and update it.
It doesn't matter if it's a house and your sink breaks,
you have to fix some plumbing or it's an IT system,
a Cloud-native application,
you still have to follow all these processes.
Guess what? Each one of those phases generally has different types
of job titles and job titles that do different kinds
of things.
Now we're talking about tasks and skills and abilities.
Well, if you can't understand the fact that
in a development team, you have architects
and product managers and database administrators
and cloud engineers and automation engineers
and test engineers. You've got to know the can.
And none of them, each of them has a priority one of which is not your priority one.
And each of our priority ones is equally important not only to the success of the enterprise,
but the success of the organization overall.
No, no, no, you're right.
So that misunderstanding of what the jobs are of our yellow teams and the fact that
there are multiple job functions in there.
But then the second part, Kim, is that we as cybersecurity professionals cave too
easily.
Talk to me.
So very often we'll get pushback.
We'll hear from, you know, Mrs.
CTO to say, what are you talking about?
You want to train my developers.
Forget it, you're not turning my developers into hackers.
I need them to be developers.
And all too easily, we'll walk away, we'll back away
because the CTO, they're building the stuff
that's making our money.
I don't have as much leverage as she does.
How can I push back so heavily?
And this is where we came too easily,
because it's our fault, Kim.
We are not doing our job to understand
what her primary motivations are.
What does that CTO want to do?
She wants to build damn good quality products
in a really fast period of time.
Right?
Of course, every CTO wants to do that.
And what's the bane of good quality products on time?
Bugs.
And until we achieve that symbiosis,
cybersecurity will be viewed as an outsider
to those yellow teams.
And we're not, we're on the same side,
we're on the same team. We're on the same team.
Let me drill that a little bit more, because one of the things I've found, and I've been
preaching lately, and I'm curious as to your thought process on this, Ed, have we built
within cyber and within this ecosystem a culture that relishes the fact that we're that outsider?
Oh, yeah.
Because I find myself knocking down folks to say,
it's not we, they, your paycheck is signed
by the same person, if they fail,
congratulations, so do you.
Is that just me or am I missing something?
No, you're not at all.
A lot of it comes out of the bravado hacker culture
that personally I'm trying to help change
in the cybersecurity security industry,
but it's very, very difficult.
Oh, yeah.
Almost impossible.
And it all stems from the, hey, if I can hack you, I'm better than you.
If I can find a problem with your stuff, I'm better than you.
So we almost set ourselves up to be outsiders right from the start.
So getting back from a talent standpoint, you've talked a little bit about those relations
creating the ability to raise talent within the existing corporate ecosystem, if you
will, by creating the yellow team, the orange team, and the green team and arming them.
From an intake standpoint, you talked earlier regarding we've been complaining regarding
there are challenges with intake.
We've been complaining regarding there are challenges with the ways we're intaking.
I'm going to shift a little bit in terms of those different mechanisms of intake.
I agree with you a thousand percent that not figuring out what the requirements
are for specific jobs and that disconnect is causing chaos regarding our intake mechanisms.
We've created different entry level intake mechanisms.
I still see us running into and in fact I think that's one of our upcoming episodes
as well.
You asked 15 different CISOs what they're looking for from an intake perspective, and
you get 417 different answers, and none of them are great.
So you have been around and more closely than I have, me as an operator, you as a person
who has been trying to fix this problem, looking at the different mechanisms we've created for intake between the certifications,
between the two-year colleges.
There are now these things called cyber degrees out there,
and yet we're still seeing to be challenged
with what are we looking for?
Are you seeing that this plethora of intake mechanisms
is making things better or worse,
or can it not make things as better as they could be,
because there are different methods of intake that are trying to solve a problem
that we haven't defined since we haven't defined what the hell we're looking for.
Like you said, if you ask 50 CISOs the same question, you'll get 400 and something answers.
Well, I did ask 50 CISOs, including you, the exact same question, you'll get 400 and something answers. Well, I did ask 50 CISOs, including you,
the exact same question as far as what are you looking for
in an entry level.
Yeah, but I gave you an answer
because I mapped my stuff to NICE.
Yes, you did, you did.
And I took those 50 answers and I wrote about them
in the book.
And what I was able to determine is that there is a distinct pattern, which I found fascinating.
I'll give you one simple highlight.
The most common trait or characteristic that CISOs are looking for had nothing to do with any degree,
any certification, or any experience. And that was, if you're willing?
The ability to be taught. I love it.
That's it. Like that was it. And however, when I still read cybersecurity job descriptions,
whether they're entry level or not, I do not see those words showing up. I see things like degrees
and certifications and technical skills, which didn't come out of the mouths of people I
interviewed, but they're on the pieces of paper that show up as job requirements.
Yeah.
Yeah.
So, what is the one thing we haven't discussed yet that you believe is essential to solving
the Thailand ecosystem problem?
And or what is the one thing we haven't talked about that you would like to make sure gets
mentioned?
You don't need to have a technical background to have a successful career in cybersecurity
full stop I
Think that's a very
understated but incredibly
important comment
Almost as important as the five words that I've heard come out of your mouth on many occasions,
which is entry level means no experience.
There are so many talented people that I have personally hired
and worked with at other companies that don't have
technical backgrounds that are fantastic in cybersecurity.
So many different jobs that are critically important to cybersecurity.
Zero, zero technical background.
And one of my personal favorite, CISOs, a lady named Sharon Burgess from BCD Travel.
Know her well.
And she's a absolute talisman of success no matter how you measure it, personally and
professionally.
As a female CISO of color,
there's not a lot of those around.
She rose to that level with a degree in, wait for it, Spanish. Yep. And she's a remarkable season.
So I am going to actually throw one more at you because I'm beginning to see a lot of change in the wind right now.
And I would love to get your perspective on this.
You know, I'm seeing a handful of things in the past year ish or so.
Um, one, the OSG's of the world are retiring.
I consider myself semi-retired right now.
And, you know, I mean, I'm loving what I'm doing within that
environment, but several of the OSG's, the old security guys and gals who are upper 30s
of years of experience into early 40s of experience have stepped away from operational roles.
We've also seen a group of individuals who have come up
during the time frame where we were advertising,
all you need to do is hack in order to get into cyber, who are now coming of age in the role and beginning to struggle
with those business focus and showing value and communication pieces that we're dealing with.
All along the time frame where we're beginning to see people finally understand that liability
is the third leg of responsibility and accountability, you do need more than just to be able to hack
to do this.
So there's a lot of movement going on right now simultaneously and at the same time, as
I was about to say, regarding the profession.
I'm curious as to what you see as potentially the outcome of that in our Italian ecosystem.
Talk to me.
There has been an absolute explosion of virtual CISO companies or virtual CISO offerings
that have emerged.
And a lot of those OSGs are appearing as virtual CISOs
and there's reason for it.
One, they don't have the liability that you talked about.
And that's a big one.
We, as an industry, are chasing talented people away
from the C-level cybersecurity roles because of that liability, which is...
Because what we're also seeing with that is we're seeing young folk who come from consulting
have two years of experience in a PMP say, I'm a virtual CISO. No, you're a security consultant.
No, I'm a virtual CISO and stand on that.
So we're also seeing a lot of folks, not just the OSG's, but a lot of folks abuse that title
in my opinion.
So yeah, I'm seeing that trend as well.
Go on.
Completely, completely.
Yeah.
So, and you actually finished my point for me, which is some of these CSO services are
completely legit and very valuable because you can get super talented folks for a fraction
of the time and fraction of the price, but there's a lot out there that are selling,
overselling shall I say.
So you've got to do a little bit of due diligence to find the
needles in the haystack in that particular analogy. And the other trend that I'm seeing is
the cybersecurity professionals that have come out of the technical ranks that are getting into
leadership positions, as you mentioned, they are struggling on the business side
and they're struggling.
And I would add to that, agreeing with what you're saying,
there has been no need for them to have that exposure
to be successful up until this point.
And because of that, where security and the rest of you
are just the business thing that
we talked about earlier, there's also in many cases been a lack of a desire.
And those two things combined make the transition harder.
In their minds, and I'm oversimplifying this, when they walk into a boardroom and say things
like, but dude, we've got five priority one bugs in three zero days.
Of course, we've got to fix these.
They get blank stares,
they get frustrated and they walk away.
That's a shame because that's a great opportunity for them to develop as
a person and as a professional and as a cybersecurity contributor
to the board that they're working for.
Yep. Yep. One of the presentations I have been giving to groups of CISOs,
what I usually do is I start the presentation with, show of hands,
how long have you been in cyber? At 38 years, yes, I'm usually at best one of two
who's been in over 35 usually I'm the old guy and
The first question I ask is how have I failed you?
ah
Wish more people good that we are part of the problem
But we also we also need to encourage folks that want to get into the professional and think that they can't for whatever reason
They're not worthy. They don't have the technical chops,
they don't have, you know, whatever it is.
And in fact, the first three words that I wrote in my book,
which it's called See Yourself in Cyber,
but the subtitle is Security Careers Beyond Hacking.
Beyond Hacking, yeah.
Yes, but the first three words I wrote in that book is,
I'm an imposter.
And the reason I wrote I'm an imposter. And the reason I wrote I'm an imposter is because
I don't have a single cybersecurity certification.
I don't have a cybersecurity degree.
I haven't even sat through one of your SANS courses
and gotten a certification from that, Kim.
Why are we talking to this guy again? Never mind.
And yet, I was able to forge a successful career in cybersecurity.
My background, just like Sharon, who has a degree in Spanish, I have a degree in English
literature.
What good is that when trying to sort out zero days?
Well, it's great because I learned how to communicate and articulate and summarize and
empathize for a whole bunch
of different reasons.
Very, very useful to me.
But a lot of folks would look at me as an imposter.
And sure, look at me as an imposter.
I don't have all those credentials that you might think about today as a successful cybersecurity
thought leader, quote unquote.
Fine.
But I am.
And a lot of people out there can be cybersecurity professionals too,
and they belong just like I belong. And that's a wrap for this episode of CISO
Perspectives.
I hope today's conversation gave you new insights and practical takeaways to navigate
the ever-evolving world of cybersecurity.
Leadership, strategy, and shared knowledge are key to staying ahead, and we're glad to
have you on this journey with us.
To access the full season of the show and get exclusive content, head over to the cyberwire.com
slash pro. As a member of
N2K Pro, you'll enjoy ad free podcasts, access to resource filled blog posts diving deeper into the
CSER perspectives research and a wealth of additional content designed to keep you informed
and at the front of cybersecurity developments. Visit the cyberwire.com slash pro to get the full
experience and stay ahead in the fast
paced world of cybersecurity.
We'd absolutely love to hear your thoughts.
Your feedback helps us bring you the insights that matter most.
If you enjoyed the show, please take a moment to leave a rating and review in your podcast
app.
This episode was edited by Ethan Cook with content strategy provided by MyOnCloud, produced
by Liz Stokes, executive
produced by Jennifer Iben, and mixing, sound design, and original music by Elliot Peltsman.
I'm Kim Jones, and thank you for listening. you